OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: Julien on June 03, 2020, 07:41:58 pm

Title: How to Configure Wireguard for Remote users
Post by: Julien on June 03, 2020, 07:41:58 pm
Dear all,
For a couple of weeks I've been struggling to get WireGuard configured and working;
today I am going to explain how to do it, with screenshots.
Step 1: Go to the plugins and install WireGuard
(https://i.ibb.co/GtxgSxk/1.jpg) (https://ibb.co/txmyrmc)

Step 2
Go to VPN >> WireGuard and enable it
(https://i.ibb.co/HCydRf8/Screenshot-2020-06-03-at-19-30-33.png) (https://ibb.co/HCydRf8)

Step 3
Go to VPN >> WireGuard >> Local and create a Local connection.
Choose a tunnel IP.
Please note: do not enter a private or public key; they will be generated automatically.

(https://i.ibb.co/D4jLYKt/Screenshot-2020-06-03-at-19-37-59.png) (https://ibb.co/D4jLYKt)

Step 4
Open the created local connection and save the public key / private key in a notepad; you are going to need them.
(https://i.ibb.co/rQ6LQ4Z/Screenshot-2020-06-03-at-19-39-53.png) (https://ibb.co/rQ6LQ4Z)

Step 5
Go to VPN >> WireGuard >> Endpoints and create an Endpoint (an Endpoint is like a user); we will use Julien, my name, for this Endpoint.
(https://i.ibb.co/M919X7h/4.jpg) (https://ibb.co/M919X7h)

Step 6
Install WireGuard on Windows/Mac OS X; this method works for both Windows and Mac OS X.
After the installation, choose Add Tunnel and then Add an empty tunnel.
(https://i.ibb.co/GHQ79pf/5.png) (https://ibb.co/GHQ79pf)

Step 7
Copy the public key from the Windows client and save it at the Endpoint of the user, as shown in the pictures below.
(https://i.ibb.co/MDHQvkJ/6.jpg) (https://ibb.co/HDy3ST9)
(https://i.ibb.co/gyxHndw/7.jpg) (https://ibb.co/TcspC1R)
(https://i.ibb.co/G0vf2vF/8.jpg) (https://ibb.co/W6WNyWs)

Step 8

Go to VPN >> WireGuard >> Local and add Julien to the Peers so the Endpoint is permitted to connect using the Peer (see screenshot).
(https://i.ibb.co/qYmK30t/9.jpg) (https://ibb.co/WvBZ4Db)

Click Save, then go back up to General and click Save again (see screenshot).
(https://i.ibb.co/g30m0w0/10-enable-wireguard.jpg) (https://ibb.co/Y35P585)

Step 9

Go to Interfaces >> Assignments and add the WG0 (WireGuard) interface; call it "Remote Users" or whatever you want.
(https://i.ibb.co/kXNYc7b/11.jpg) (https://ibb.co/QMysmgS)
(https://i.ibb.co/2ncKxyD/12.jpg) (https://ibb.co/cg2T01G)

PS: Don't change anything in the settings; leave IPv4/IPv6 on NONE, WireGuard will take care of that part. After that is done, restart the WireGuard service and you should see that it detects its new IP (see picture below).
(https://i.ibb.co/ZBSCkzf/13.jpg) (https://imgbb.com/)

Step 10

Go to Firewall >> Rules, find the interface you created (mine is called Remote Users) and create a firewall rule that looks like the one in the screenshot.
(https://i.ibb.co/ScshQFk/14.jpg) (https://ibb.co/gdj5vk0)

Go to Firewall >> Rules >> WAN and create a rule for incoming connections on the WAN side.
PS: this rule is not restricted yet; when the connection is up you can restrict it to IP/port/etc.

(https://i.ibb.co/kc1KnYJ/15.jpg) (https://ibb.co/VBmVyXx)


The Windows client connection should look like this.

Code:
[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
DNS = 10.10.1.20

[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820

Like this you should see that the connection is set up and active.

(https://i.ibb.co/ZdtNkCr/16.png) (https://imgbb.com/)

If you have remote users on a 4G/UMTS connection, it may be smart to use MTU:

Code:
[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
MTU = 1380
DNS = 10.10.1.20

[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820


I hope the admin will pin the post.

This week I will create a new tutorial on how to do site-to-site using WireGuard.
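
A check for the client config shown in the post above, as an added example that is not part of the original post: it flags placeholder or malformed keys, a DNS server that falls outside AllowedIPs (which matters once 0.0.0.0/0 is narrowed), and an MTU outside an assumed 1280-1420 range. The function names, the sample key and the narrowed-AllowedIPs variant are constructed for illustration.

```python
import base64
import configparser
import ipaddress

def is_wg_key(value):  # WireGuard keys are 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check_client_config(text):
    """Findings for a single-[Peer] client config; the MTU range is an assumption."""
    cp = configparser.ConfigParser(delimiters=("=",))  # lowercases option names
    cp.read_string(text)
    iface, peer = cp["Interface"], cp["Peer"]
    findings = []
    if not is_wg_key(iface.get("privatekey", "")):
        findings.append("PrivateKey is not a 32-byte base64 key")
    if not is_wg_key(peer.get("publickey", "")):
        findings.append("PublicKey is not a 32-byte base64 key")
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in peer.get("allowedips", "").split(",") if n.strip()]
    for dns in (d.strip() for d in iface.get("dns", "").split(",")):
        try:
            addr = ipaddress.ip_address(dns)
        except ValueError:
            continue  # empty, or a search domain rather than a resolver address
        if not any(addr.version == n.version and addr in n for n in allowed):
            findings.append(f"DNS {dns} is outside AllowedIPs")
    mtu = iface.get("mtu")
    if mtu is not None and not (mtu.isdigit() and 1280 <= int(mtu) <= 1420):
        findings.append(f"MTU {mtu} is outside 1280-1420")
    return findings

KEY = base64.b64encode(bytes(range(32))).decode()  # constructed sample, not a real key
PAGE_CONFIG = """[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
MTU = 1380
DNS = 10.10.1.20
[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820
"""  # the post's second config as shown, placeholders included
SPLIT_CONFIG = (PAGE_CONFIG.replace("LaptopPrivKey", KEY)  # constructed variant
                .replace("OpnsensePUBLICkey", KEY).replace("0.0.0.0/0", "10.171.1.0/24"))
if __name__ == "__main__":
    print(check_client_config(PAGE_CONFIG), check_client_config(SPLIT_CONFIG))
```

With the placeholders still in place only the two key findings appear; with well-formed keys and AllowedIPs narrowed to 10.171.1.0/24, the DNS server 10.10.1.20 is reported as no longer routed through the tunnel.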


Title: Re: How to Configure Wireguard for Remote users
Post by: mimugmail on June 05, 2020, 07:44:48 am
You should move it to the How-To section, as 20.1 will be outdated in some time :)
Title: Re: How to Configure Wireguard for Remote users
Post by: Julien on June 05, 2020, 03:41:32 pm
You should move it to the How-To section, as 20.1 will be outdated in some time :)
It works on 20.7 as well.
How can I move it?
Title: Re: How to Configure Wireguard for Remote users
Post by: JohnDoe17 on June 06, 2020, 03:10:37 am
Thank you for this guide!  I really appreciate you sharing this with the community.

I hope this or something built from this will be added to the official online documentation.

 :)
Title: Re: How to Configure Wireguard for Remote users
Post by: mimugmail on June 06, 2020, 06:42:27 am
Thank you for this guide!  I really appreciate you sharing this with the community.

I hope this or something built from this will be added to the official online documentation.

 :)

Everyone can contribute to official docs here:
https://github.com/opnsense/docs